andrewb007 Posted April 24, 2018 Share Posted April 24, 2018 I am an IT administrator/support for a small Organisation and we have dropbox users storing and sharing data (some of it could be confidential or sensitive). I was wondering if any one should be storing confidential or sensitive information in Dropbox. I have heard there are many security holes in it. tell me what you think? alternative? onedrive for business? Link to comment Share on other sites More sharing options...
Void-Byte Posted July 29, 2018 Share Posted July 29, 2018 If you absolutely have to use a cloud based storage solution I'd highly recommend Google Team Drive. Not only is it the same price as Dropbox but they also provide you with company email addresses ($10/u/m). They have a full suite of tools to protect your information and you can control all aspects of your data. You can lock types of files, restrict access based on domain, and even restrict the downloading/copying of documents. My company used to utilize dropbox but it's FARRRRRRR too easy for a user to mess everything up for everyone. -PsyNeu Link to comment Share on other sites More sharing options...
RandyCooper Posted July 31, 2018 Share Posted July 31, 2018 I do not trust cloud storages at all. I think there is always the possibility that someone will steal your data, but nobody would like that. Link to comment Share on other sites More sharing options...
NoExecute Posted August 3, 2018 Share Posted August 3, 2018 (Taking on the tinfoil hat) Maybe it's just me being paranoid here, but storing confidential data offsite (3rd party provider), and no encryption. No way, no matter who it is. For a small organisation, I would say, privately owned and run server, LUKS drives, and SSHFS, with gpg as an extra layer for individual file encryption. Some realtime monitoring for file read/write (Inotify), and you're on your way :) Depending on the workstations, LUKS and LUKS-Nuke option, maybe try looking into luks-TPM or opengpg smartcards and luks, and you're well on your way to something secure :) (Taking off the tinfoil hat again) Link to comment Share on other sites More sharing options...
WaterRide Posted August 6, 2018 Share Posted August 6, 2018 Dropbox and Google are cloud storage providers that can do what they want with your data as I've experienced with companies I work for. They also do not assist with investigations resulting to misuse of user log-in too. Link to comment Share on other sites More sharing options...
DocDizzy Posted September 15, 2018 Share Posted September 15, 2018 I also agree with building a personal cloud for your organization. It's a little more costly up front but there are many advantages. First you won't be forced to comply with another companies terms of service. One MAJOR issue with using any vendor cloud storage option is knowing where your data is physically stored. My manager and I were tasked with this project at my job. Realize that many vendors have written in their agreement that once the data is on their server that they own it. This is a major legal issue. It's crazy actually. Depending on where they are storing your info is extr6 important, and there are a crap ton of lawsuits against major cloud service providers right now due to lack of transparency. Wherever your data is stored you're forced to comply with local law. So different states, even counties within the states need to be researched. What if it's stored overseas? We are a finance management company for multiple companies. Obviously we have full personal financial information on the customers of the vendors whom we support. You can imagine why our law department requires vary detailed info on the physical storage location. Read this. https://www.greenhousedata.com/blog/legal-battles-over-local-data-why-your-cloud-location-matters It's not very well known, but it's a major issue. An example is Facebook. A lawsuit against them storing all users info I believe it was in San Fran meant they owned anything posted. They addressed the issue by moving their server to a different country so this is no longer true. They are probably the best example as the lawsuits are many, and unlike Google, Amazon and Microsoft; Facebook has become transparent. Another situation to take into account. Ransomware attacks are growing in numbers. What if the server location is attacked? It's happened with insurance agencies. Billing info client accounts, any info like policies were held for ransom. One company had to push all their customers payment to the next month causing double charge for that month and the previous. So what happens if where your data is stored is attacked? Suddenly you can't access any of that info. How long will you be down? What's the companies disaster recovery plan for this? Lots to think about until standards are set, but currently there are none. Go local for now. Bookmark this page. In my opinion everyone should have this page bookmarked for recovery situations. https://www.nomoreransom.org/en/decryption-tools.html It's updated very quickly, but obviously the newest needs to be cracked before they can provide fixes. But it's a priceless resource I feel. Good luck. Link to comment Share on other sites More sharing options...
Ittechpros Posted November 18, 2018 Share Posted November 18, 2018 You can create a free private cloud with internal and external live doc access with a few pieces. Spin up a freenas box (typically old server that you beef up on the cheap) https://www.freenas.org/ Setup you vdevs and lagg Create multiple storage pool Fire up multiple jails on one storage pool Load Ubuntu on that jail which is the same thing as a VM per say or a container it's storage with its own pid. On that Ubuntu instance load OwnCloud https://websiteforstudents.com/installing-owncloud-on-ubuntu-17-04-17-10-with-apache2-mariadb-and-php/ If you so desire to also do live editing of any of the resources on your shared storage either internal or cloud without relying on a MS Office license you can use OnlyOffice. What this means is people can open say a word doc from your own cloud using Onlyoffice on your iPhone iPad laptop and start editing it right there on the fly. Once you complete this you now have your own cloud. I would highly suggest using multiple network connections on your freenas and splitting them up on sepearte switches and enabling lagg functionality on those switch ports. This will really give you redundancy and speed up multiple people using multiple resources efficiently. Another piece is ensuring your locking down that traffic either by encrypting your traffic using OwnCloud and also creating your firewall rules, vlans, possible DMZ etc. Link to comment Share on other sites More sharing options...
wildposer Posted November 29, 2018 Share Posted November 29, 2018 Dropbox isn't secure at all. Have heard of SYNC? It provides security to cloud business data. Link to comment Share on other sites More sharing options...
digininja Posted November 29, 2018 Share Posted November 29, 2018 @wildposer Please elaborate on that statement about Dropbox Link to comment Share on other sites More sharing options...
wildposer Posted April 11, 2019 Share Posted April 11, 2019 I really love dropbox business model and affiliate program. Link to comment Share on other sites More sharing options...
INFOTRACE Posted September 29, 2019 Share Posted September 29, 2019 On 8/6/2018 at 1:21 PM, WaterRide said: Dropbox and Google are cloud storage providers that can do what they want with your data as I've experienced with companies I work for. They also do not assist with investigations resulting to misuse of user log-in too. Agree with your views. 🔥So, which one would you recommend? 😎 Link to comment Share on other sites More sharing options...
John1950 Posted October 3, 2019 Share Posted October 3, 2019 I don't like the idea of cloud storage. We use a product from Micro Focus called Filr https://www.microfocus.com/en-us/products/filr/overview Filr allows us to uses existing in house file servers and storage and allow users to share select files and folders with outside collaborators. This was used heavily by our architects and legal departments. Link to comment Share on other sites More sharing options...
Void-Byte Posted November 7, 2019 Share Posted November 7, 2019 On 8/6/2018 at 5:21 AM, WaterRide said: Dropbox and Google are cloud storage providers that can do what they want with your data as I've experienced with companies I work for. They also do not assist with investigations resulting to misuse of user log-in too. Your statement might be a far bit out of date, but Google will in fact assist in investigating user activities. We've had them assist us a few times especially when we kept getting alerts about failed login attempts from abnormal IPs (ended up being a VPN). Google Suite is a very common cloud based solution for storage/email/etc. Also, to respond to your first statement about "do what they want with your data" that has a very specific scope. Link to comment Share on other sites More sharing options...
Guest Posted November 7, 2019 Share Posted November 7, 2019 On 4/24/2018 at 1:10 AM, andrewb007 said: alternative? onedrive for business? For security and encryption in a business setting (end to end encryption), then Tresorit may be your best option (https://tresorit.com/). We have been testing it for a client, and I think it is a solid product. It is similar to Dropbox, but has a slightly different way of doing things that take a while to get your head around - but once you do, it seems to make sense. A bit more expensive than Dropbox though. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.